VYPR

Lylme Spage

by Lylme

Source repositories

CVEs (8)

  • CVE-2024-34982CriMay 17, 2024
    risk 0.64cvss 9.8epss 0.05

    An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2023-45952CriOct 17, 2023
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2023-45951CriOct 17, 2023
    risk 0.64cvss 9.8epss 0.01

    lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.

  • CVE-2024-36675CriJun 4, 2024
    risk 0.59cvss 9.1epss 0.01

    LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.

  • CVE-2024-36674MedJun 3, 2024
    risk 0.40cvss 6.1epss 0.00

    LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.

  • CVE-2024-9790MedOct 10, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2024-9789MedOct 10, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2024-9788MedOct 10, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to…